package com.sangeng.expression;

import com.sangeng.domain.LoginUser;
import com.sangeng.entity.User;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * @author: xujiabing
 * @date: 2024-09-16 12:42
 * @description 自定义权限校验方法
 */
@Component("ex")
public class MyExpressionRoot {

    /**
     * 自定义权限校验方法
     * @param authority 注解配置的权限字符串
     * @return
     */
    public boolean hasAuthority(String authority) {
        //1.获取到用户权限集合
        Authentication authentication
                = SecurityContextHolder.getContext().getAuthentication();
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        List<String> permissions = loginUser.getPermissions();
        //2.判断用户拥有的权限权限是否包含目标权限
        return permissions.contains(authority);
    }
}
